CVE-2019-0729 - An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric key

CVE-2019-0729

Summary

An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729
http://www.securityfocus.com/bid/106966

Vulnerable Configurations

cpe:2.3:a:microsoft:java_software_development_kit:-:*:*:*:*:azure_internet_of_things:*:*
cpe:2.3:a:microsoft:java_software_development_kit:-:*:*:*:*:azure_internet_of_things:*:*

CVSS

Base:	7.5 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:

CWE

CWE-332

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	106966
confirm	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0729

Last major update

21-07-2021 - 11:39

Published

05-03-2019 - 23:29

Last modified

21-07-2021 - 11:39